from the the-last-time-we-reformed-our-privacy-laws... dept

For many, many years, we've been talking about the need for ECPA reform. ECPA -- the Electronic Communications Privacy Act -- is an incredibly outdated piece of legislation from the 1980s that governs law enforcement's ability to access email and other electronic communications. This was the era before the internet was anywhere close to the mainstream (though it did exist). Among the various weird parts of the law, it says that any communication that is over 180 days old and still on a server is considered "abandoned" so that the government can access it without a warrant. Think about that in this era when you keep all your communications online. It was written when lawmakers thought people would "download" the messages off a server. That's just the most noteworthy problem -- there are all sorts of different definitions based on messages that have been opened or not opened and other oddities as well, almost none of which make sense.

Last year we noted that more than half of the House was co-sponsoring a bill put forth by Reps. Kevin Yoder and Jared Polis to reform ECPA in a big way. But even with so many supporting the law, it failed to move. A big hurdle? Both the IRS and SEC (note: not your standard law enforcement agencies) like the fact that they can use ECPA to snoop through electronic communications (without a warrant -- which those agencies can't get on their own anyway).

Yoder and Polis are back again with another attempt, and it's matched by a similar legislation in the Senate from Senators Patrick Leahy and Mike Lee. To get attention for the bill, Yoder, Polis and some other supporters took to Twitter in a bit of a meme fest, highlighting some historical facts to demonstrate just how long it's been since ECPA became law. It's worth scrolling through them all (though, there are a lot), because some are pretty funny:

At this point, it's a complete travesty that such a bill hasn't become law. People have explained the need for it for well over a decade, and more than half of Congress was signed on to co-sponsor it in the last Congressional term. Already this new bill has 228 additional co-sponsors in the House and another 6 co-sponsors in the Senate. The IRS and SEC's objections are simply ridiculous. Having more convenient access to someone's emails is no excuse for not better protecting the privacy of our online communications.

Of course, this isn't the only effort going on to protect privacy. Reps. Zoe Lofgren, Ted Poe and Suzan DelBene have also introduced a bill to update ECPA. It's pretty clear that Congress knows that the law needs to be updated, and it's time to get past whatever objections there are and actually start protecting our privacy.

from the not-thinking-it-through dept

Techdirt has recently reported on New York's top prosecutor calling for laws against strong encryption on smartphones. This is part of a larger move by the authorities on both sides of the Atlantic to demonize this technology, as we noted before. In the wake of the murders in Paris, many of the same politicians and officials have lost no time in calling for more surveillance, again in both the US and Europe. One of those doing so is David Cameron, who said that, if re-elected in the UK general election in May, he would bring in an even more intrusive version of the Snooper's Charter -- one that sought access not just to everyone's metadata, but to the content of their messages too. This is how he phrased it:

The question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not.

Leaving aside the fact that Cameron seems to be saying that he wishes to make privacy impossible and/or illegal in the UK, one key question here is: how does he intend to do this? Neither the UK government nor the Conservative party offered any clarification about this election "promise," which has inevitably led to speculation. For example, The Independent newspaper wrote as follows:

David Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for new surveillance powers announced in the wake of the shootings in Paris.

The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. But that could include popular chat and social apps that encrypt their data, such as WhatsApp.

Apple's iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.

None of those programs was mentioned by Cameron in his speech. But many other news outlets have taken that speculation and reported it as if it were certain; others have interpreted his comments to mean that Cameron aims to ban or perhaps backdoor all strong encryption. It's quite possible that Cameron and his advisers have not thought this through, and simply assume there must be some clever way to give access to the content of encrypted services without undermining them. But as Techdirt has emphasized before, there is no "golden key" that can be used by just the authorities and no one else.

UK services and users can be forced by the Regulation of Investigatory Powers Act (RIPA) to hand over whatever encryption keys they have. Most of the main online services come from US-based companies; some may choose to comply with UK warrants, but others probably won't. And then there is the extremely important class of open source encryption programs -- things like GnuPGP, OpenVPN and Tor: these don't always have companies that can be threatened with legal consequences. So what would Cameron do about those? Make their use illegal for all UK citizens? Even the increasingly-common HTTPS for general web servers is problematic: if they are located outside the UK, there is no way to force them to hand over their keys. So will Cameron forbid people from visiting millions of websites, just in case they allow some form of communication that can't be monitored?

Clearly, trying to implement this scheme will cause huge damage to the British public and to UK businesses, who will be more vulnerable to online attacks. It will also harm the UK economy, since startups with digital products or services will find users in other countries unwilling to use products that have been forced to insert backdoors for the UK intelligence services. And it will further harm the UK's already battered reputation as a civilized country, since Cameron's call to abolish all online privacy goes beyond even the worst oppressive regime (China must be delighted by his speech.)

However, there is a small consolation to be drawn from this extraordinarily stupid and dangerous call by Cameron. The fact that something so controversial is being proposed at all confirms one of the most important points made by Snowden: encryption works.

Here's the gist of it, which I can hopefully convey without copy-pasting the entirety of the short, extremely self-satisfied piece.

I was at the National Security Agency yesterday giving a Constitution Day speech and I learned details of a shocking collection program: The government is bulk collecting all traffic on Twitter. Under a program menacingly called “Bulk Data in Social Media” and abbreviated—appropriately enough—as BDSM [insert proxy self-amused snicker here], Twitter has been providing all public traffic since 2010 for a massive government database that, as of early last year, contained 170 billion tweets. The goal of this program? To “collect the story of America” and to “acquire collections that will have research value” to analysts and others.

Those of you who are not the morons Wittes makes you out to be will already know where this is headed. Wittes breathlessly adds in italics that Twitter does this voluntarily without a court order or FISA court review.

Yes, the Library of Congress is collecting every Tweet with the blessing of Twitter itself, and has been doing so for years. It was in all the papers. Those of us opposed to the NSA's bulk collections are supposed to stare deep inside ourselves as Wittes fumblingly twists the rhetorical knife.

So here’s the question: If you were shocked when you read the first paragraph of this post and relieved when you read that the agency doing all this collection is not NSA but the good guys over at the Library of Congress, and that the good guys are actually planning to make that data available widely, why did you have those reactions? And do those reactions make sense?

First of all, no one with any amount of sense would claim that the government can't access or collect public messages on a public platform. That's an expectation we live with when we use these services. But the collection of every public tweet for archival and research purposes is far different than the collection of private metadata and communications for the purposes of rooting out threats to the nation's security. (Or fighting drug wars, etc.)

It's called intent. Wittes should look that up. Also, he should perhaps look into the difference between public and private info if he's got the time.

While many people use social media to lay bare certain aspects of their lives, a high percentage of them do not reveal everything, or at least not as much as "just metadata" can reveal. Many intimate details about a person's life can be revealed by the data they "voluntarily" hand over to third parties. Cops can track people's movements with license plate data. The NSA can peer deeply into a person's life with bulk phone records. People don't "volunteer" this information, but there's no way to opt out. Vehicles travel outside on public roads. Phone connection data is collected because phone companies need to track usage for billing (and are required to do so by the federal government).

Billions of tweets are all given up voluntarily by Twitter users. Even those who regret tweets they've sent or accounts they made still know in the back of their mind it's been archived somewhere. It's public speaking on a public platform.

Which brings us to another major difference between the two: transparency.

The Library of Congress has addressed this collection program publicly a number of times. Twitter also publicly announced this partnership. If anyone wanted to avoid being part of this collection, they could simply avoid using the platform -- a choice more realistic than the government's continued assertion that travel and communication are "luxuries" in which we wlllingly exchange our rights for convenience.

What has the NSA announced? Not a goddamn thing. It's only talking now because someone took its secret programs and spread them all over the internet. Now it has to address these issues, but even in this era of forced openness, it still deploys a tremendous amount of black ink.

I'm sure Wittes' post garnered a few chortles from like-minded individuals (including some he heavily elbowed in the ribs), but the whole setup is disingenuous. It conveniently ignores crucial differences between the two forms of collections in hopes of portraying the anti-NSA crowd as ultimately no more complex than single-celled organisms. The good news is that those of us on this side of the divide are constantly underestimated by those whose views skew more towards Wittes'.

This sort of presumptive arrogance is what allowed a government contractor to walk out the door with thousands of classified documents from the top national security entity in the world -- one with a massive budget and the best minds the government could hire. The NSA simply believed nothing of that scope would happen to No Such Agency, even with an obviously lax set of internal controls. Now it's been burned. And yet, its apologists still think they can talk down to everyone on the other side of argument.

The story* is built around the implied claim that 90% of NSA intercept data is about innocent people. I think the statistic is a phony. Especially in an article that later holds up US law enforcement practice as a superior model.

*I've add a link to the actual story Baker's complaining about because he clearly can't be arsed. Apparently, this is how certain bloggers subtweet.

In his explanation of how Sturgeon's Law relates to the NSA's national security aims, Baker gives the example of an unnamed law enforcement agency poking into his email account during an investigation.

Suppose I become the target of a government investigation. The government gets a warrant [ed. note: lol] and seizes a year’s worth of my email. Looking at my email patterns, that’s about 3500 messages. About twenty percent – say 750 –are one-off messages that I can handle with a short reply (or by ignoring the message). Either way, I’ll never hear from that person again. And maybe a quarter are from about 50 people I hear from at least once a week. The remainder are a mix — people I trade emails with for a while and then stop, or infrequent correspondents that can show up any time. Conservatively, let’s say that about 200 people are responsible for the portion of my annual correspondence that falls into that category. In sum, the total number of correspondents in my stored email is 750+200+50 = 1000. So the criminal investigators who seized and stored my messages from me, their investigative target, and 1000 people who aren’t targets.

So, in this example 99.9% of everything was irrelevant, but the agency doesn't know that until it's looked through all of it. Fair enough. But what does law enforcement do with the irrelevant information? (Don't answer that.) In a perfect world, the government/law enforcement agency disposes of the irrelevant data. That's what the laws governing search warrants and the minimization provisions governing the NSA's collections direct these agencies to do. But what does the NSA actually do with this 90% irrelevant information?

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

[...]

The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.

“1 target, 38 others on there,” one analyst wrote. She collected data on them all.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.

And, unlike the targeted search Baker alludes to, nothing is regarded as irrelevant because the agency can't even determine what might or might not be worth keeping. In a targeted, warranted search, law enforcement generally has an idea of what it's looking for. With the NSA, it's "collect it all" because something might prove to be relevant later and besides, look at our shiny new storage space!

The NSA's deliberate collection of non-targeted communications is more analogous to law enforcement grabbing Baker's friends' and family's email as well --- even though they're not listed on the warrant -- simply because these all intersect with his account at some point -- and then holding onto it for x number of years simply because one analyst says it might be relevant to the investigation at some undetermined point.

The government can actually get in trouble for doing exactly the thing Baker claims is no big deal (and built on "phony statistics"). Just last month, the Second Circuit Court ruled that the feds held onto data unrelated to their stated investigation for too long, violating the plaintiff's Fourth Amendment rights. When the NSA does this to American citizens not currently targeted by counterterrorism investigations, it's doing the same thing. Only in the NSA's case, it does this on a massive scale, unimpeded by the limitations of specific warrants. One order nets the NSA nearly 90,000 targets and, apparently, the communications of nearly 800,000 others, if the ratio holds.

Baker's analogy doesn't stand up to the slightest scrutiny, and he willfully ignores the NSA's long-term storage of irrelevant communications to make his point. He claims Barton Gellman's being dishonest, but who's really applying the most spin here?

from the expectation-of-privacy? dept

We've already questioned if it's really true that the 4th Amendment doesn't apply to foreigners (the Amendment refers to "people" not "citizens"). But in some new filings by the DOJ, the US government appears to take its "no 4th Amendment protections for foreigners" to absurd new levels. It says, quite clearly, that because foreigners have no 4th Amendment protections it means that any Americans lose their 4th Amendment protections when communicating with foreigners. They're using a very twisted understanding of the (already troubling) third party doctrine to do this. As you may recall, after lying to the Supreme Court, the Justice Department said that it would start informing defendants if warrantless collection of information under Section 702 of the FISA Amendments Act (FAA) was used in the investigation against them.

The Supreme Court has long held that when one person voluntarily discloses information to another, the first person loses any cognizable interest under the Fourth Amendment in what the second person does with the information. . . . For Fourth Amendment purposes, the same principle applies whether the recipient intentionally makes the information public or stores it in a place subject to a government search. Thus, once a non-U.S. person located outside the United States receives information, the sender loses any cognizable Fourth Amendment rights with respect to that information. That is true even if the sender is a U.S. person protected by the Fourth Amendment, because he assumes the risk that the foreign recipient will give the information to others, leave the information freely accessible to others, or that the U.S. government (or a foreign government) will obtain the information.

This argument is questionable on so many levels. First, it's already relying on the questionable third party doctrine, but it seems to go much further, by then arguing that merely providing information to a foreign person means that it's okay for the US government to snoop on it without a warrant. The DOJ further defends this by saying, effectively, that foreign governments might snoop on it as well, so that makes it okay:

Moreover, any expectation of privacy of defendant in his electronic communications with a non-U.S. person overseas is also diminished by the prospect that his foreign correspondent could be a target for surveillance by foreign governments or private entities.

With this, it appears the DOJ is trying to attack the idea of the reasonable expectation of privacy that has been the basis of the 4th Amendment in the US. They're effectively arguing that since foreign governments might look at the info too, you should have no expectation of privacy in any communications with foreigners and thus you've waived all 4th Amendment protections in that content.

That's crazy.

In fact, they flat out admit that they're stripping Americans of any 4th Amendment rights with this claim, noting that communicating with foreigners means you've likely "eliminated" your 4th Amendment protections.

The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States.

The implications of this argument, if upheld by the court is staggering. It would seem to fly in the face of basic logic and historical 4th Amendment law, all discussing how it's the expectation of privacy that matters. And I'm fairly certain that most of us who regularly communicate with folks outside the US have quite a reasonable expectation of privacy in such communications (though, to be fair, I've been much more actively using encryption when talking to people outside the US lately).

As Jameel Jaffer of the ACLU points out, this eviscerates basic Constitutional protections for many Americans:

The government's argument is not simply that the NSA has broad authority to monitor Americans' international communications. The US government is arguing that the NSA's authority is unlimited in this respect. If the government is right, nothing in the Constitution bars the NSA from monitoring a phone call between a journalist in New York City and his source in London. For that matter, nothing bars the NSA from monitoring every call and email between Americans in the United States and their non-American friends, relatives, and colleagues overseas.

In the government's view, there is no need to ask whether the 2008 law violates Americans' privacy rights, because in this context Americans have no rights to be violated.

I'm curious if anyone wants to defend this as a reasonable interpretation of the 4th Amendment, because it seems quite clearly a complete bastardization of what the 4th Amendment says and how courts have interpreted it over the years.

The United States built Twitter-like social media programs in Afghanistan and Pakistan, like one in Cuba, that were aimed at encouraging open political discussion, Obama administration officials said Friday. But like the program in Cuba, which was widely ridiculed when it became public this month, the services in Pakistan and Afghanistan shut down after they ran out of money because the administration could not make them self-sustaining.

In all three cases, American officials appeared to lack a long-term strategy for the programs beyond providing money to start them.

Administration officials also said Friday that there had been similar programs in dozens of other countries, including a Yes Youth Can project in Kenya that was still active.

While you can see the appeal of better helping citizens in these countries communicate with each other, the secrecy concerning who is behind them is where it gets troubling. As the case in Cuba with ZunZuneo, we noted that this helps legitimize every crackpot theory about how various programs are really US government fronts.

In fact, as you read the details of these programs, many of them do appear to have been set up with perfectly noble intentions, to help people better communicate and share ideas. But having the US government behind them -- especially given all of the recent revelations about US surveillance -- completely undermines that intent. Furthermore, it really doesn't seem like any of these services have had much of an impact at all. Instead, in all of the cases where we've heard of social networking services having any impact, they're when citizens of a country adopt existing services, like Twitter and Facebook, rather than these specialized "local" services.

from the faux-outrage dept

We already covered Barton Gellman's fascinating interview with Ed Snowden, but there are some other interesting tidbits I wanted to cover in separate posts. In particular, Gellman reveals, via an anonymous source, that Director of National Intelligence, James Clapper, has admitted in private that he's not actually too concerned about terrorists changing their communications habits in the wake of the Snowden revelations. Basically, he recognizes that there are lots of ways to track and to find terrorists, and if they want to communicate efficiently, sooner or later they're going to trip up and reveal themselves:

Clapper has said repeatedly in public that the leaks did great damage, but in private he has taken a more nuanced stance. A review of early damage assessments in previous espionage cases, he said in one closed-door briefing this fall, found that dire forecasts of harm were seldom borne out.

“People must communicate,” he said, according to one participant who described the confidential meeting on the condition of anonymity. “They will make mistakes, and we will exploit them.”

Of course, this is quite different than the influx of reports from reporters quoting "anonymous administration officials" in late June, who kept insisting that the NSA was somehow damaged beyond all belief because terrorists were changing how they communicated. That was clearly overblown from the very beginning for a variety of reasons. First, the serious terrorists already suspected any such communications systems were compromised and weren't using them (see, for example, how bin Laden refused to use the internet at all). Second, the claim that officials knew terrorists had changed how they communicated showed that they were able to observe the new form of communication as well, suggesting no actual (or at least no significant) loss in ability to monitor.

Either way, it's interesting to see confirmed what most of us knew: that Clapper and the other NSA defenders have known pretty much all along that Snowden didn't do any real "harm," but they had no problem fanning the flames of misleading claims to make him out to have caused serious damage.

from the note:-they're-not-the-same dept

So, Tim Cushing already discussed the magically declassified FISC opinion, concerning how the NSA violated the 4th Amendment for many years with its searches. There's a lot of information in that and the other documents the Director of National Intelligence is finally disclosing (mostly due to FOIA requests, rather than the administration's professed newfound love of transparency). For example, it shows how, once again, the NSA has been incredibly misleading concerning the various revelations over the past few months. Let's take PRISM, for example, the program under Section 702 of the FISA Amendments Act that allows the government to access certain internet communications (not metadata, actual communications).

According to the NSA fact sheet, this program "does not allow the government to target the phone calls or emails of any U.S. citizen or any other U.S. person anywhere in the world, or any person known to the in the United States. It only allows the targeting of communications of foreigners, and even then only when those communications may have foreign intelligence value." The agency further notes that "any information about U.S. persons that may be incidentally acquired" is subject to "minimization procedures."

Targeted communications of foreigners, only when those communications may have foreign intelligence value. Okay. So, that actually makes some sense. We expect the NSA to be, for example, trying to get access to Al Qaeda bosses' emails. But... the reality as shown in the FISC ruling suggests it's not limited, it's barely targeted and those minimization procedures aren't taken very seriously. As you may recall, this is the very same fact sheet that Senator Wyden called out for being near-complete bullshit and which the NSA then removed.

The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target.

Except, of course, as we've been seeing over and over again, "foreign intelligence information" is not narrowly defined, and it doesn't appear that the NSA is very careful about all of this. From the FISC ruling we learn that this "small" and supposedly "targeted" project is something much much larger:

NSA acquires more than two hundred fifty million Internet communications each year pursuant to Section 702, but the vast majority of these communications are obtained from Internet service providers and are not at issue here..... Indeed, NSA's upstream collection constitutes only approximately 9% of the total Internet communications being acquired by NSA under Section 702.

If you don't follow this closely, it can be a bit difficult to parse out. The "upstream" collection is the stuff we were just talking about concerning snarfing up data directly from telcos. This "non upstream" data that is "obtained from Internet service providers" is PRISM (as noted in a footnote), and is the program that the NSA and the White House kept insisting above are narrow and targeted. Yet, here, they're admitting that via PRISM, they're getting 91% of the internet communications they're collecting -- which is 228 million records. Collected from tech companies via PRISM.

That's not targeted. Those 228 million communications are not "only when those communications may have foreign intelligence value." And I have difficulty seeing how anyone can call it "incidental" given the size. It appears to be an absolutely massive program that, once again, the NSA, the administration and their supporters have continued to misrepresent.

from the no-justification-needed dept

Although New Zealand's decision not to allow patents for programs "as such" was welcome, other moves there have been more problematic. For example, after it became clear that the New Zealand intelligence service, the Government Communications Security Bureau (GCSB), illegally wiretapped and spied on Kim Dotcom, the New Zealand government announced that it would change the law so as to make it legal in the future to snoop on New Zealanders as well as on foreigners. Judging by a major new bill that has been unveiled, that was just the start of a thoroughgoing plan to put in place the capability to spy on every New Zealander's Internet activity at any moment.
Here's an excellent analysis of what the bill proposes, from Thomas Beagle, co-founder of the New Zealand digital rights organization Tech Liberty:

The TICS [Telecommunications (Interception Capability and Security)] Bill is a replacement for the Telecommunications (Interception Capability) Act 2004. This law forced communications providers (ISPs, telcos, data networks, etc) to provide "lawful intercept" capabilities so that the Police, SIS and GCSB could access communications once they had a suitable warrant. The new bill expands and clarifies these requirements.

However, the addition of the word "security" is the key to what has changed. The new bill now gives the GCSB sweeping powers of oversight and control over the design, deployment and operation of all data and telecommunications networks run by network providers in New Zealand. The stated reasons are to both protect New Zealand's infrastructure and to ensure that surveillance agencies can spy on traffic when required. As part of this, the GCSB will have the power to stop network providers from reselling overseas services that do not provide these capabilities.

As Beagle goes on to explain, this will have a number of implications, including a requirement to build backdoors into all telecoms networks:

From the Bill:

A network operator must ensure that every public telecommunications network that the operator owns, controls, or operates, and every telecommunications service that the operator provides in New Zealand, has full interception capability.

Note that the surveillance agencies still need to have a legally issued warrant (under the Search & Surveillance Act, NZ SIS Act, or GCSB Act) to actually intercept any communications and there are obligations to avoid capturing communications that are not covered by the warrant.

Here's one way that could dramatically impact Internet users in New Zealand:

It then goes on to give the Minister the power to ban the resale of an off-shore telecommunications service in New Zealand if it does not provide interception capabilities. This could stop the resale of foreign-hosted VPNs, instant message services, email, etc.

Another clause could have major implications for Megaupload:

Network operators must decrypt the intercepted communications if they have provided the encryption, but there is no obligation to do so if the encryption is provided by others.

What does this mean for providers such as Mega (file locker) or LastPass (password storage) who have a business model based on the fact that they supply a cloud product that uses encryption but have deliberately designed it so that they can not decrypt the files themselves? This gives users the assurance that they can trust them with their data. Will the government close them down unless they provide a backdoor into the system?

One deeply troubling aspect is the following:

There is also a provision that allows the courts to receive classified information in a court case in the absence of the defendant or the defendant's lawyer. This applies to information that might reveal details of the interception methods used by the surveillance agency or is about particular operations in relation to any of the functions of the surveillance agency, or is provided as secret information from the surveillance agencies of another country. It can also be used if that disclosure would prejudice security of NZ, prejudice the maintenance of law, or endanger the safety of any person.

As Beagle notes:

particularly offensive to civil liberties are the provisions for convicting people based on secret evidence. How can you defend yourself fairly when you can't even find out the evidence presented against you?

He concludes with an important point:

One must ask where the justification for this expansion of power is coming from. Has New Zealand already been materially affected by attacks on our communications infrastructure? It seems clear that while the GCSB may not be that competent at exercising the powers they already have, they have done a fine job of convincing the government that they can handle a lot more.

That's a question that needs to be put to the governments of other countries, like the US and UK, that are also seeking to extend massively their ability to spy on their own citizens. What evidence do they have that such extreme, liberty-threatening powers are actually necessary, and will make the public safer, rather than simply being a convenient way for governments to identify whistleblowers who expose their incompetence and corruption, say, or to spy on those who dare to oppose them?

Next week in Strasbourg, probably on Tuesday, the European Parliament will be voting on a Report on eliminating gender stereotypes in the EU. To promote gender equality and eliminating gender stereotypes are of course very laudable goals, so my guess would be that unless something happens, the report will be approved by the parliament, possibly by a very large majority.

That would be a good thing, were it not for the following detail:

Article 17 of the report says (with emphasis added):

17. Calls on the EU and its Member States to take concrete action on its resolution of 16 September 1997 on discrimination against women in advertising, which called for a ban on all forms of pornography in the media and on the advertising of sex tourism;

There's no definition of "the media", but it's hard to believe that the digital world would somehow be exempt. Of course, banning pornography in this way simply won't work, but it will cause huge collateral damage to freedom of speech online in the EU. As if that weren't bad enough, the way the report wants this put into effect is deeply problematic too:

the resolution we will be voting on next week has other things to say about the internet. Article 14 reads (again with my highlighting):

14. Points out that a policy to eliminate stereotypes in the media will of necessity involve action in the digital field; considers that this requires the launching of initiatives coordinated at EU level with a view to developing a genuine culture of equality on the internet; calls on the Commission to draw up in partnership with the parties concerned a charter to which all internet operators will be invited to adhere;

This is quite clearly yet another attempt to get the internet service providers to start policing what citizens do on the internet, not by legislation, but by "self-regulation". This is something we have seen before in a number of different proposals, and which is one of the big threats against information freedom in our society.

This is another example of "voluntary" measures that will in fact by compulsory, since any ISP that refuses to implement them will doubtless find itself responsible instead. As we've noted before, this allows all kinds of dangerous ideas to be implemented in ways that are not subject to judicial review or even challenge.

It's important to note that this is not a law as such, but a report, as Engström explains:

This means that it does not automatically become law even if it is adopted, but is just a way for the European parliament to express its opinion.

But the purpose of these own initiative reports are to serve as the basis for the Commission when it decides to present legislative proposals to the parliament. If this own initiative report is adopted by the parliament, it will strengthen the Commission's position if and when it wants to propose various"self-regulation" schemes in the future.

around noon, these mails suddenly stopped arriving. When we started investigating why this happened so suddenly, we soon found out:

The IT department of the European Parliament is blocking the delivery of the emails on this issue, after some members of the parliament complained about getting emails from citizens.

This is exactly what happened with ACTA, when the Parliamentary authorities decided that all emails on the subject would go straight into the spam folder. It's extraordinary to see how quickly politicians forget that hundreds of thousands of people took to the streets to defend their online rights back then, and how unceremoniously dumping their emails in the spam folder only made things worse.

Discussions have been taking place on Twitter around the hashtag #mepblock (disclosure: I've been part of these), and an e-petition has been created, calling on European politicians to drop their censorship and to listen to their constituents as they are supposed to, instead of just ignoring them. There are still a few days before the vote next week, so there's plenty of time for further developments in what looks like becoming an increasingly heated debate.